Microsoft to Issue Emergency Patch For File-Sharing Hole
An anonymous reader writes "Microsoft said late Wednesday that it plans to release a critical security update today to plug a security hole present in all supported versions of Windows. The company hasn't released any details about the patch yet, which is expected to be pushed out at 1 p.m. PT. Normally, Redmond issues security updates on Patch Tuesday, the second Tuesday of each month. The Washington Post's Security Fix blog notes that each of the three times in the past that Microsoft has departed from its patch cycle, it was to fix some really nasty vulnerability that criminals already were exploiting to break into Windows PCs."
Reader filenavigator points out an article which describes the hole as an SMB vulnerability, and says it "allows anyone to access a Windows machine remotely without any user name or password. Any machine that exposes Windows file sharing is vulnerable." Update: 10/23 17:42 GMT by T : Reader AngryDad adds a link to Microsoft's more detailed memo.
...I don't use computers. They are too much of a security risk.
Let's hope that the renewed Samba compatibility effort by MS means that this bug will be ported over.
Still got plenty of time before this afternoon to turn your college campus into a botnet!
At least they didn't describe it as a MAC vulnerability
"No, but understanding is not required, only obedience."
Those damn FOSSies can gain access to SMB shares
Quick, patch it....
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
Don't worry, the NSA and the RBN have plenty of Windows Backdoors(tm) left to use.
allows anyone to access a Windows machine remotely without any user name or password. Any machine that exposes Windows file sharing is vulnerable
Yet this comment in the "Can You Trust Anti-virus Rankings?" thread, where I noted that a dual boot with internet for linux and with networking disabled in Windows was better than AV was modded down. Of course, a lot of MCSEs and Microsoft employees come to slashdot, and I'm sure a few get mod points once in a while. No matter, my karma's fine.
And yes, kiddies, you DO need a firewall for ANY OS and any OS is prone to trojans. But no AV will protect you against an unknown trojan OR the vuln mentioned in TFA, and no firewall will keep out someone you explicitly let in.
<tinfoil hat>
Some might wonder if this vuln was introduced on purpose as a weapon against the Pirate Bay? You can bet that a lot of people are uninstalling Kazaa, Morpheus, and all other legit and illegit P2P apps. Getting rid of P2P is a blow against FOSS and indie music.
Free Martian Whores!
Why patch? Looks like they went a long way to achieve this already!
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
In other words: any idiot on your network can gain admin access to any attached Windows-based system with file-sharing enabled. I'm really glad that they're releasing an emergency patch for this, because that's a pretty fucking crazy description of an exploit, especially since it affects all versions of their last 10 years of operating systems.
I need to dust off my IBM Selectric III?
Beer is proof that God loves us and wants us to be happy.
Has been windows' stink hole for the last 10 years. Let's hope that most people have learned they need to cover it up.
Why hasn't this been caught in the 3,000 previous security issues patched for Windows? It seems like kind of a biggie. In that list you linked to (thank you) it's present in all service packs for XP (the only Windows I use).
I don't have any of the affected services enabled so it doesn't affect me, but I think a lot of that stuff is on or can be easily activated by default.
Again, why did it take so long to catch this one? The tinfoil hat backdoor NSA spook theories seem almost believable.
Microsoft has had something like this occur regularly enough that I found myself already skipping to the next story without even reading the complete heading.
I still cannot understand why major corporations run Windows of any version in enterprise server farms. They've had so many warning signs, so many high security breaches, so many alarms, and they're still very "ho-hum" about it.
If you read the post slowly and actually acknowledge what it says, it's saying that ever since the incarnation of Windows elite hackers from Russia (or anywhere else) have been able to steal files on any machine with no problem. The underground top hackers have exploits that they guard with top secrecy and keep in their box of tricks when nothing else "known" is working.
Come on, seriously! No other product provider on the planet would be allowed such leniency. Microsoft never feels any repercussions of any of these incredible security holes. They don't even lose business over it! When is enough, enough????
It's been years since I've tried, but doesn't SMB get dropped by some / all of the major residential carriers at this point? I know AT&T was dropping port 139 last time I tried leaving a machine wide open and exposed.
It's a nasty vulnerability and all, I'm just wondering if this could go all blaster / sasser.
There are some people that if they don't know, you can't tell 'em.
I notice on that page that the aggregate security rating is listed as 'Critical' for all versions of Windows up to Vista. All of the Vista and Server 2008 security ratings are listed as 'Important' even though they still allow for remote code execution..
Has Microsoft watered down the wording of 'Critical' to 'Important' simply to make newer versions of their OS sound like they are more secure?
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
Current IP filters on DOCSIS(cable) networks are actually outbound filters done at the modem which can be turned off if you've got an uncapped modem. I haven't seen any inbound filters on any DOCSIS networks(I've looked at Cox, Comcast, RR, and Charter) on 135/139.
www.isoHunt.com
You know that a vulnerability is bad when Microsoft goes out of its regular patching cycle to hurry and plug the hole so quickly, instead of following their usual philosophy of saying "What are you talking about? There is no security hole in Windows!" and quietly patching it a few months later amidst a flood of innocuous driver updates.
And you Winders users - please DON'T forget to REBOOT after you apply this security patch (with no doubt extra luggage attached)!
I can see 5% of the Internet blinking on/off/on/off..... {6 hours}.... on again tonight.
This would be a start: http://www.redhat.com/promo/ipa/
NIS, but it's kind of old and screwy. Nowadays you can hook things into LDAP if you want.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
Windows, it is.
---- Booth was a patriot ----
this time.... They are tired of having "Super Tuesday" associations...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Considering how many people run un-patched, I don't think there is any hurry.
---- Booth was a patriot ----
do a search for LDAP.
Here's a comparison of some options:
IBM SecureWay Directory,
Messaging Direct M-Vault,
Microsoft Active Directory,
Netscape Directory Server,
Novell eDirectory,
OpenLDAP.
My friends and I have known about this hole since high school. Every version of Windows with SMB has underlying, invisible, "root" accounts which cannot be removed without a great deal of diligence. These accounts have no password and give full access to the SMB share. I'm shocked that it has taken Microsoft this long to address the issue.
I find it more than a bit ironic that the /. story two down from this one is titled "Microsoft Working For Samba Interoperability".
No, no sig. Really.
ThePromenader
Yeah, but all it takes is ONE person to run an email attachment (or exploit some other hole) and then it's on every computer on the LAN
windows file sharing has to my knowledge absolutely nothing to do with any P2P program.
True, which is why I tagged the article !p2p, but the public doesn't know that. The news media, owned by the proprietary entertainment industry, have associated "file sharing" with programs such as LimeWire, eMule, and BitTorrent.
We are sorry, due to the popularity of this event, registration is now full. Please search for another event.
figures.....
Are you asking if there is something like LDAP of which AD is composed of that runs on Linux boxes?
Somebody with file/print servers.
In Soviet college, files serve you?
Check out my sci-fi/humor trilogy at PatriotsBooks.
idiot
-Lod
Because on Vista you get a prompt: "Your computer is being hacked. Cancel or Allow?"
I really don't mean to be a dick, but it really aggravates me when people say that AD=LDAP. LDAP is the protocol used to access AD, and then beyond that there is the actual Active Directory system, which is way fucking more than just an LDAP server. Have you worked with group policy, which is possibly the main feature of AD? It's just a protocol used to access and structure Active Directory, and if you think that just implementing LDAP in a Linux environment brings you anywhere even close to the functionality of AD, then I'm sorry, but you just don't know what you're talking about. eDirectory is comparable to AD, LDAP is not.
Mindless MS bashing does no good.
HERETIC! IMPOSTOR!
Please turn in your slashdot ID card at the door!
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
So your previous amount of security turned out to be: NONE. Anyone could have remotely executed arbitrary code without authentication.
I wonder how much security you will have after the update?
... the bug was found on one of the interoperability fests:
...
...
... this is why fucking America is all that fucked up ... how the fuck should we ever control that fucking mob ... fuck!
Samba Guy: Hey dude, look, when I open a connection _this way_ I get strange replies. There is nothing similar in the docs
MS Interoperability Officer: Sir, the protocol is just too complex. I wouldn't care. How about putting little hearts into the password dialog, I don't like the asterisks, anyway.
Samba Guy: Dude, come on, I want to understand how the stuff works...
MS Interoperability Officer: Sir, hmm, must be part of a proprietary, essential, internal routine framework. It's in there since ages. The software works, we make billions from it.
Samba Guy: But what does it do? Why do you need it?
MS Interoperability Officer: Don't know. The guy who coded it left the company.
Samba Guy: Can't we just call him?
MS Interoperability Officer: Don't think so. He must be cleaning his Yacht somewhere near Tanzania right now.
Samba Guy: Well dude, then let's see what's gonna happen if I keep going on...
MS Interoperability Officer: Sir, I'm bored. I don't like your black console anyway. It feels so 50s.
MS Interoperability Officer: Sir, I'm in the position to offer you a free trial for Microsoft Visual Studio 2009 with Ribbon TM included.
Samba Guy: Look dude, I just got root on your machine.
MS Interoperability Officer: Sir, which idiot gave you my password?
Samba Guy: No password, dude. I just opened the connection, look here
Samba Guy shows 4 lines of code.
MS Interoperability Officer: Sir, please hold on, I need to call my chief security officer.
MS Interoperability Officer talking on the phone (next door).
Minutes later the door is opened violently. Gates and Ballmer enter the scene guarded by five NSA officers.
Gates: Sir, I'm sorry, you found one of the many backdoors we built into all versions of Microsoft Windows TM released after 1999. I suppose you will perfectly understand that all algorithms concerning that matter are our intellectual property which is protected by American Law.
NSA Officer (in monotone voice): Sir, I'll now use this Neutralizer TM device to erase your memories of the last twenty-four hours. You've never been in this building and you never knew about the federal data acquisition program.
A bright flash of light gets emitted from the little device.
Samba Guy: Shit, my eyes. What the fuck is wrong with you guys. That code is so freaking stupid. You can't be serious...
Another NSA Officer (in aggressive voice): Shut up criminal bastard!
First NSA Officer (in same monotone voice): Sir, you might have consumed a critical cumulative dose of THC during adolescence. The resulting altered brain circuitry is resistant to portable neutralizer devices. I'm sorry to inform you that you're temporarily arrested under federal law.
Samba Guy: Bull shit, you have no idea what you're talking about. Look I've got a hook running that sends every command I type on the console directly to twitter. Everybody does it, it's lots of fun. Nothing I do is secret. I believe in sharing of ideas.
Ballmer (in rage): Motherfucking communists
Ballmer, well, throws chairs.
Gates (calling the still governing president of the United States): My president, sir, I'm sorry to inform you, due to certain circumstances, details concerning the federal data acquisition program might just have been leaked to the public.
Samba Guy: Hey dude, the story is already on digg. I think you should issue a patch before it is on slashdot.
Curtain gets drawn, applause.
Off stage voice: Thank you ladies and gentlemen. Please don't forget to visit windowsupdates.microsoft.com
it really aggravates me when people say that AD=LDAP. LDAP is the protocol used to access AD, and then beyond that there is the actual Active Directory system, which is way fucking more than just an LDAP server.
I agree. LDAP is a protocol; AD is an LDAP-capable directory. A very weak, vendor-locked, OS-version-specific, poorly performing directory that in many ways compensates for corresponding weaknesses in the Windows OS, so that together AD and Windows add up to a reasonably usable system, almost as capable as a standards-compliant system.
If that sounds like a troll or flamebait it's certainly not meant to be. It's just an honest appraisal - I've worked with directories since the late 80s, and AD is not a particularly good example of a directory since it is so specialized for dealing with MS-windows problems that other platforms don't necessarily have (they have completely other problems, of course).
I have around 600 systems running from OpenLDAP these days. Most of these are windows desktops that think they are talking to AD, but I've also got HP-UX, Solaris, 3 flavors of linux, a single mac, and we used to have AIX too. All running from a single, massively replicated OpenLDAP directory that requires far less maintenance and hardware than AD does.
So yes, you're quite right. AD is much more than an LDAP server. It's an enterprise directory, and may someday evolve into a good one... it's still a young product and has a lot of catching up to do before it can compete with eDirectory.
Any machine that exposes Windows file sharing is vulnerable.
When will the Ubuntu patch come out?
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
The FA (both the official MS KB article and technet blog article) mention the fix was discovered after observing exploits in the wild, so yes.
No patch for Windows 98SE?
Sure, right after I withdraw some cash from the automatic ATM machine.
Hail Eris, full of mischief...
E pluribus sanguinem
You mean port 137, 138, 139, and now 445, right? 135, according to /etc/services, is for "epmap", which is "DCE endpoint resolution".
Hail Eris, full of mischief...
E pluribus sanguinem
I would argue OS X is more vulnerable than many systems. Apple tends to be slow to patch holes in open source components of OS X like apache, php, bind, and python.
I'm saying this as an OS X admin at work. If you want security, you use a mainstream bsd or mainstream linux distro. They have enough users to keep up on common security issues and get new packages (or ports) out.
I don't take patch counts to mean as much anymore because it might be that the developers take threats more seriously than others. If you look at redhat, they offer a lot of new updates but often they're for stupid things that aren't moderate or high priority. Microsoft tends to fix that stuff in the next version of windows if they're going to.
MidnightBSD: The BSD for Everyone
You should look into Windows Server Update Services...
http://technet.microsoft.com/en-us/wsus/default.aspx
My sig can beat up your sig.
ldap, nis, etc.
Microsoft has released eight patches for applications with an insufficient number of security holes.
"Our market is the enterprise," said Microsoft security marketer Jonathan Ness. "Information technology professionals know that Windows is the greatest IT job creation scheme in history. Without Patch Tuesday, there's no reason for the experienced IT worker to spend his time hiding out in the server room watching progress bars and getting over his hangover. Also, you can't tell people a virus ate their mail, you actually have to get it back for them."
Several faintly cat-piss-smelling Linux users pointed and laughed in a nerdy bray at the news and a much larger number of annoying Mac users showed off their new model iPod Nanos.
http://rocknerd.co.uk
As you appear to need severe help; here; but next time read the KB article, it tells you alternative locations to download from, including the Update Catalog Site which even uses a shopping basket metaphor. Errr. If you're using IE.
Windows 2000 SP4: http://www.microsoft.com/downloads/de...=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3
Windows XP SP2: http://www.microsoft.com/downloads/de...=0D5F9B6E-9265-44B9-A376-2067B73D6A03
Windows XP SP3: http://www.microsoft.com/downloads/de...=0D5F9B6E-9265-44B9-A376-2067B73D6A03
Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/de...=4C16A372-7BF8-4571-B982-DAC6B2992B25
Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/de...=4C16A372-7BF8-4571-B982-DAC6B2992B25
Windows Server 2003 SP1: http://www.microsoft.com/downloads/de...=F26D395D-2459-4E40-8C92-3DE1C52C390D
Windows Server 2003 SP2: http://www.microsoft.com/downloads/de...=F26D395D-2459-4E40-8C92-3DE1C52C390D
Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/de...=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400
Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/de...=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400
Windows Server 2003 with SP1 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=AB590756-F11F-43C9-9DCC-A85A43077ACF
Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=AB590756-F11F-43C9-9DCC-A85A43077ACF
Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/de...=18FDFF67-C723-42BD-AC5C-CAC7D8713B21
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/de...=A976999D-264F-4E6A-9BD6-3AD9D214A4BD
Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/de...=25C17B07-1EFE-43D7-9B01-3DFDF1CE0BD7
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/de...=7B12018E-0CC1-4136-A68C-BE4E1633C8DF
Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=2BCF89EF-6446-406C-9C53-222E0F0BAF7A
Phew. Until you chimed in I was starting to think I was the only one.
AD is an LDAP-capable directory. A very weak, vendor-locked, OS-version-specific, poorly performing directory that in many ways compensates for corresponding weaknesses in the Windows OS, so that together AD and Windows add up to a reasonably usable system, almost as capable as a standards-compliant system.
I've never seen that put so intelligently before!
I also have worked with openLDAP and also with commercial LDAP and X.500 servers, AD has improved, but the notion that it is a real directory server is farcical, it comes with a default schema that integrates well with one OS, give it another 10 years and it may become a genuinely scalable cross platform directory server, otherwise it remains useless.
"Linux is for noobs"-The new MS fud strategy
You mean like this phrase:
Disable the Server and Computer Browser services
In the section titled: "workarounds".
Yeah, it would be great if they would share that with us.
... and their "making available" theory. They could soon be raking in $Trillions in statutory damages from the public.
Mod this AC up, the link is an interesting read.
I'm no coder, I didn't understand most of what the article says, but I got the gist of it:
In my opinion, hand reviewing this code and successfully finding this bug would require a great deal of skill and luck.
Our present toolset does not catch this bug.
First the good news; I think perhaps we have removed a good number of the low-hanging security vulnerabilities from many of our products, especially the newer code. The bad news is, we'll continue to have vulnerabilities because you cannot train a developer to hunt for unique bugs, and creating tools to find such bugs is also hard to do without incurring an incredible volume of false positives.
I'll be blunt; our fuzz tests did not catch this and they should have. So we are going back to our fuzzing algorithms and libraries to update them accordingly.
My opinion is Microsoft should have been taking the money they were getting from charging for tech support and put it into more testing and reviewing code.
I love how at the end of the article he turns it into an ad for Windows Vista.
Of course, Microsoft allowed the NSA to enter Windows. The RBN had to find their own way through the mess of insecurity to find a nice looking aluminium door.
signature is pants
Wow! I thought I was the only one with that pet peeve.
The feature is Group policy. Without it, it's just Kerb+LDAP with LDAP backed services. Well, mostly.
You, my friend, have just hit the motherlode!
http://www.cgisecurity.org/2008/10/emergency-micro.html
Much like the last SMB exploit?
http://it.slashdot.org/article.pl?sid=08/05/29/1844246
Every network I've been on and even some of my current company's ISPs have a policy of blocking all traffic on smb/nmb ports (e.g. 137 and 139).
Those types of filters prevent anyone following a smb:// link outside their network which prevented that last exploit. Is this new exploit in the same category?
I think this default filtering is from way back in the day when remote MS Windows SMB/NMB exploits were a dime a dozen and/or network admins wanted to make sure files weren't being shared to the world.
A flaw in the code is not necessary to take over windows PCs. Back in the day [others not me] used to scan IP ranges for people with file sharing enabled out to the internet [I deny I ever did this hehe]. I must stress it's stupidly simple to inadvertently leave your windows network and shares wide open to the world. It takes someone to enable file sharing on the ICS host, enable it in the firewall on both network adapters. There are no warnings to the user that this will expose any shares to the world. [Add to that the number of blank passwords to administrator accounts out there :S]. Even today I reckon 1 in 40 windows machines on a broadband cable/adsl [and not behind a port blocking router] is vulnerable in this way. Few ISPs in my area are clued up to blocking the appropriate ports it seems. All it would take is a simple pop up window if you try to enable file sharing on your internet facing network adaptor. (I wonder would this put a big dent in the botnet population?)
Personally, I don't actually care too much, everyone should have their equipment behind a decent dedicated firewall end of story. Relying on a firewall in the same OS was always going to be a less than ideal solution, let alone one by microsoft.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
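As an added example (not part of the original thread or any poster's code): a small Python check that reads `netstat -an` style output and flags listeners on the ports named in the comments above (135, 137, 138, 139, 445), classified by the address they are bound to. The sample output is constructed, 203.0.113.5 is a documentation address standing in for a public IP, and all function names are hypothetical.

```python
import ipaddress

# Ports named in the thread, with their /etc/services names.
WATCHED_PORTS = {
    ("TCP", 135): "epmap",
    ("UDP", 137): "netbios-ns",
    ("UDP", 138): "netbios-dgm",
    ("TCP", 139): "netbios-ssn",
    ("TCP", 445): "microsoft-ds",
}

# Address ranges treated as "LAN only" (RFC 1918, link-local, IPv6 ULA).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10",
)]

# Constructed sample in the layout of Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED
  TCP    203.0.113.5:139        0.0.0.0:0              LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:500            *:*
"""


def parse_listener(line):
    """Return (proto, bind_host, port) for a listening socket row, else None."""
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
        return None
    proto, local = fields[0], fields[1]
    # TCP rows count only in LISTENING state; UDP rows have no state column.
    if proto == "TCP" and fields[-1] != "LISTENING":
        return None
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    try:
        return proto, host, int(port)
    except ValueError:
        return None


def bind_scope(addr):
    """Classify a bind address by how far the listener is reachable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::, i.e. every interface
        return "all-interfaces"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "routable"


def audit(netstat_text):
    """List file-sharing and RPC listeners that are not loopback-only."""
    findings = []
    for line in netstat_text.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, host, port = parsed
        service = WATCHED_PORTS.get((proto, port))
        if service is None:
            continue
        try:
            scope = bind_scope(host)
        except ValueError:  # unparseable address column
            continue
        if scope != "loopback":
            findings.append({"proto": proto, "port": port, "service": service,
                             "bind": host, "scope": scope})
    return findings


def needs_attention(findings):
    """Listeners that depend entirely on a firewall or router to stay private."""
    return [f for f in findings if f["scope"] in ("all-interfaces", "routable")]


if __name__ == "__main__":
    for f in audit(SAMPLE_NETSTAT):
        print(f"{f['proto']}/{f['port']:<4} {f['service']:<13} "
              f"{f['bind']:<15} {f['scope']}")
```

A listener reported as `all-interfaces` is only as private as the filtering in front of it, which is the situation the comments about ISP port blocking and NAT describe.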
For how many of those should you write instead "that Microsoft bought and supports"?
And how many of those can you take and say "gee, this is actually a product with quality, well designed, stable, good."?
Just asking...
I have.
I need to share some files and a printer with other computers on my LAN.
I know it's crazy talk , but there you go~
The Kruger Dunning explains most post on
NIS is junk. It's buggy, unstable and insecure. NIS blows up if you sneeze in the general direction of the NIS master or any of the slaves, even.
Bleh.
The closest thing to ActiveDirectory on *nix is a LDAP-based enterprise directory coupled with TLS, Kerberos 5, GSSAPI, and PAM-KRB5 and PAM-LDAP for authentication and authorization, Samba for file-sharing (using LDAPSAM for accounts). Add Linux AutoFS with LDAP support and you can have something like MS-DFS, but tons more secure.
I have personally implemented such systems.
My blog
At the border yes, but I recall sniffing direct connections to Verizon (and others) and there are usually several systems on your netblock infected with something and you will see probes from them.
The Samba guys should be happy considering that M$ is sending their best minds to help them achieve compatibility. How about if we do it the other way - send the Samba guys to Windows-world to show them how it should be done?
Ok, but it's not directly linked from the start page contents. Click "Server Service Vulnerability - CVE-2008-4250" Click "Workarounds for Server Service Vulnerability - CVE-2008-4250" There you go, but it really should be the first note for those that want an immediate fix.
-- these are only opinions and they might not be mine.
In the 'not credible' sense. Pure back-slapping.
http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
"Over the last year or so I've noticed that the security vulnerabilities across Microsoft, but most noticeably in Windows have become bugs of a class I call "onesey - twosies" in other words, one-off bugs."
"The $64,000 question we ask ourselves when we issue any bulletin is "did SDL fail?" and the answer in this case is categorically "No!""
"The bad news is, we'll continue to have vulnerabilities because you cannot train a developer to hunt for unique bugs, and creating tools to find such bugs is also hard to do without incurring an incredible volume of false positives. With all that said, I will add detail about one-off bugs to our internal education; I think it's important to make people aware that even with great tools and great security-savvy engineers, there are still bugs that are very hard to find."
FAIL.
Look, if you're getting a constant FLOW of 'one-off' bugs being found by third parties -- no matter how theoretically 'hard' it is to find these bugs, and no matter how sophisticated your methods, there's something very, very wrong with your methods, BECAUSE THE BLACK HATS ARE ABLE TO DO IT SO WHY CAN'T YOU?
The chance of the black hats finding this bug turned out to be 100%.
If you scored less than that, I don't care your reasons, you lose, thanks for playing, try again.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Of course butter flies! Now how high and far depends on what exactly you use to launch it. ::}
I find it somewhat ironic that higher access to broadband will probably reduce the number of users who will be exploited vs the Blaster virus.
Sitting behind a NAT or other firewall because your machine is not direct dialing an ISP and getting a public IP will probably mean that an attacker won't be able to directly exploit this.
Read that on /. Re-posting to share.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
There are still millions of systems where Windows Update has broken and won't receive any patches and the "muppets" can't begin to understand that if you try to explain it to them.
Who thinks this is the last hole in this particular service Microsoft will have to issue an emergency patch for? Anybody? Anybody at all?
I think it's 50/50 whether the patch itself adds a new vulnerability. Will we never learn?
BTW, there are still remotely exploitable full control vulnerabilities in a fully patched Windows machine, even before you install any apps. There always will be. Windows: it's not for networking (tm).
Help stamp out iliturcy.
Why the heck did they architect end-user versions of Windows to not only HAVE RPC but REQUIRE it for normal operations? The security bulletin on this sounds very much like the one for Blaster and we all know what a disaster THAT was.
"Botnets, spammers botnets!
What kind of boxes make up botnets?"
Compaq, HP, Dell and Sony, true.
Gateway, Packard Bell, maybe even ASUS, too!
Are boxes, found on botnets, all running Windows, FOO!"
Guaranteed! This comment 100% Anthrax free!
Here's a hint - Microsoft's AD is a poor imitation of Novell's Directory Services (now eDirectory).
Novell even offered Microsoft the NDS codebase for free, back in the good old days of Netware 4 and NT4, but Microsoft insisted on writing their own implementation.
Astroturfing asshat.
One swallow does not a fellatrix make
It was a joke. Funny...
Jesus, I have no problems at all with Windows users.
As long as there are slaughterhouses, there will be battlefields.
is there something for it that works like AD.
Samba can operate as an AD domain controller.
Linux can be configured to be an AD client.
Everything I needed to know about life, I learnt from Blake's Seven
The follow up post did a far better job explaining than I can do, but please notice that I never said AD=LDAP ("LDAP of which AD is composed of" -- think "contains" vs "is") (it's not as snarky if I have to write a paragraph about the distinctions!)
The OP only asked for something that can manage permissions for thousands of users. They never asked for the identical (mis-)functionality of AD. Scaling out from "managing a user list on one linux box" doesn't need AD.
Yeah, now that I'm going back and reading the OP and your posts, I do realize that I was misinterpreting both of you, and I'm sorry for being kinda rude in my post; you do make a good point.
Hah. I was really trying to give some measured snarkiness in case the op was trolling. ;)
I'm sorry, but I am going to have to report you for breaking the ToS for apologizing on slashdot. Actually, I want to see more about your Popsicle project but I don't have an IEEE membership.